Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Overview
Protecting the privacy of customer data and maintaining trust are salesforce.coms core values. The Force.com platform has numerous built-in security features and protections, which can be utilized by our org administrators and developers. In addition, a number of free security resources are available to assist developers with education, design, and development of their applications.
isAccessible()
isUpdateable()
SFDCEncoder Class
SFDC_JSENCODE SFDC_JSINHTMLENCODE SFDC_HTMLENCODE
Provides text escaping functions for Force.com. Escapes data for use in JavaScript quoted strings. Escapes data for use in JavaScript quoted strings that will be used in HTML tags. Escapes data for use in HTML tags. Escapes data for use in URLs according to RFC 3986 syntax.
isDeleteable()
SFDC_URLENCODE
isAccessible() isUpdateable()
encryptWithManagedIV()
decrypt() decryptWithManagedIV()
HTMLENCODE URLENCODE
http://developer.force.com
Session Settings
Controls available for general session handling settings, including session timeout. These settings can be found under Setup | Security Controls | Session Settings. Setting Name Timeout value Description Idle session time before automatically logging user out of Salesforce. Disable the warning browser pop-up when a user is about to be logged out from the idle session timeout. Force the user session to remain locked to the IP address from which the user authenticated. May impact AppExchange installations. Require HTTPS on all page requests. Recommended 30 minutes
getInstance()
Disable session timeout warning popup Lock sessions to the IP address from which they originate
Yes
getValues()
getOrgDefaults()
Require secure connections (https) Enable caching and autocomplete on login page
Yes
Password Policies
Controls available for enabling password restrictions and account lockout settings. These settings can be found under Setup | Security Controls | Password Policies. Setting Name User passwords expire in Enforce password history Minimum password length Password complexity requirement Password question requirement Maximum invalid login attempts Lockout effective period Description Frequency to automatically expire passwords. Number of previous passwords to save to prevent password re-use. Minimum length of a password. Recommended 90 days
Allow the users browser to store and autocomplete usernames or passwords after first login.
No
5 passwords remembered
8 characters
Controls whether the password contains a mix of letters and numbers. Require the users password hint to not contain the password. Number of invalid logins allowed before locking out the account. Length of time an account remains locked out.
Sensitive Permissions
Premission Author Apex Description
When using profiles, we recommend reviewing profiles for these sensitive permissions. Permissions per profile can be viewed at Setup | Manage users | Profiles. 30 minutes
Can modify and deploy Apex. By default, Apex code runs with full administrative privileges. Make configuration changes to the organizational settings.
The ability to create or modify user accounts, including logins, sharing rules, and login restrictions. This permission gives the user the ability to create, edit, or delete all data in Salesforce. Prevent the password from expiring.
Modify All Data Delegated authentication: Contact Support Federated authentication: Setup | Security Controls | Single Sign-On Settings
030712